CVE-2010-3864
published 2010-11-17

Priority: P356, high, 7.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS: 22.14% (97.4th percentile)
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.

Affected

22 ranges
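| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 0.9.8o-3 (bookworm) | openssl 0.9.8o-3 (bookworm) |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | >= 0 < 0.9.8o-3 | 0.9.8o-3 |
| openssl | openssl | >= 0 < 0.9.8o-3 | 0.9.8o-3 |
| openssl | openssl | >= 0 < 0.9.8o-3 | 0.9.8o-3 |
| openssl | openssl | >= 0 < 0.9.8o-3 | 0.9.8o-3 |
| vmware | esxi | | |
| vmware | vmware_tools | | |
| vmware | vmware_vcenter_server | | |
| vmware | vmware_vsphere | | |
| vmware | vmware_workstation | | |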

CVSS provenance

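| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| osv | | 7.6 | HIGH | |
| vendor_debian | | 7.6 | HIGH | |
| vendor_redhat | | 7.6 | HIGH | |
| vendor_ubuntu | | 7.6 | HIGH | |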